NATO Summit to Update Cyber Defence Policy

NATO defence ministers have approved a new and enhanced NATO cyber defence policy which is to be endorsed at the NATO Summit in Wales in September.

The defence ministers of NATO member countries met in Brussels on 3 – 4 June 2014. One of the items agreed on was a “new and enhanced” cyber defence policy, which is to be endorsed at the NATO Summit in Wales in September 2014.1

As NATO recognises that cyber defence is part of NATO’s core task of collective defence, the new policy confirms that NATO member states are able to invoke Article 5 of the North Atlantic Treaty on collective self-defence in case of a cyber attack with effects comparable to those of a traditional armed attack.2 According to Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges at NATO Headquarters, the policy does not set any detailed criteria for the activation of Article 5 which would have to be decided by the Allies on a case-by-case basis.3

NATO is continuing to underline its fundamental responsibility for defending its own systems, while nations are expected to defend theirs. The new policy will also “help enhance information sharing and mutual assistance between Allies, improve NATO’s cyber defence training and exercises, and boost cooperation with industry.”4 It will also confirm the applicability of international law to cyberspace.

The Summit is likely to discuss the development of a NATO cyber range capability. An earlier Estonian Defence Forces proposal to use its cyber range as the Alliance’s main cyber defence training field5 was approved in June by NATO’s Supreme Allied Commander Transformation, General Jean Paul Paloméros.6